From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <htd@fancy-poultry.org>
Received: from mail.saout.de ([127.0.0.1])
 by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id o9048Wmkrt4R for <dm-crypt@saout.de>;
 Mon, 18 Nov 2013 11:43:32 +0100 (CET)
Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.17.8])
 (using TLSv1 with cipher RC4-SHA (128/128 bits))
 (No client certificate requested)
 by mail.saout.de (Postfix) with ESMTPS
 for <dm-crypt@saout.de>; Mon, 18 Nov 2013 11:43:32 +0100 (CET)
Date: Mon, 18 Nov 2013 11:43:27 +0100
From: Heinz Diehl <htd@fancy-poultry.org>
Message-ID: <20131118104327.GA3094@fancy-poultry.org>
References: <CAJcs+hn83k0x26pUv+m0V1j-NdNZm7=T1KTHrqBDpzHBr_+d9Q@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAJcs+hn83k0x26pUv+m0V1j-NdNZm7=T1KTHrqBDpzHBr_+d9Q@mail.gmail.com>
Subject: Re: [dm-crypt] Safe to remove keyfile before luksClose?
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt/>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 18.11.2013, Johannes Omega wrote: 

> I've a LUKS container that's opened from a keyfile stored on a USB stick.
> Is it safe to remove the USB stick once the container has been
> opened

Yes, it is. The keyfile is only needed once, to unlock the master key.